[Cerowrt-devel] bcp 38
Dave Taht
dave.taht at gmail.com
Mon Jun 17 02:07:44 EDT 2013
I have had this in place for ages, hopefully blocking egress of local
networks outside the nat. It appears to work...
iptables -t mangle -I POSTROUTING -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -o ge00 -j DROP
but what I'd wanted was to actually send a reason for it, but putting
the reason in icmp...
iptables -t mangle -I POSTROUTING -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -o ge00 -j REJECT --reject-with icmp-host-unreachable
but that doesn't, saying that I can't put it in the mangle table, and
there isn't a postrouting table in the filter table...
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
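
Added example, not part of the original post: the REJECT target is only valid in the filter table's INPUT, FORWARD and OUTPUT chains, and a packet leaving via ge00 is either forwarded or locally generated, so the same match can go in FORWARD and OUTPUT instead of mangle POSTROUTING. The function name `bcp38_rules` and the `WAN_IF` and `APPLY` variables are assumptions made for this sketch; it prints the rules and applies them only when APPLY=1.

```shell
#!/bin/sh
# Added example: RFC 1918 egress blocking with an ICMP reason,
# placed in the filter table because REJECT is not allowed in mangle.

WAN_IF="${WAN_IF:-ge00}"   # WAN interface name taken from the post
RFC1918="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"

# Print one iptables command per chain and private prefix.
# $1 = outbound (WAN) interface
bcp38_rules() {
    for chain in FORWARD OUTPUT; do
        for net in $RFC1918; do
            printf 'iptables -t filter -I %s -d %s -o %s -j REJECT --reject-with icmp-host-unreachable\n' \
                "$chain" "$net" "$1"
        done
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    # Needs root; stops at the first rule that fails to load.
    bcp38_rules "$WAN_IF" | sh -e
else
    # Default: dry run, show what would be installed.
    bcp38_rules "$WAN_IF"
fi
```

FORWARD covers traffic from LAN hosts routed out through the WAN interface; OUTPUT covers traffic originated by the router itself.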